CVE-2021-47456

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-47456
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47456.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-47456
Downstream
Related
Published
2024-05-22T07:15:10.627Z
Modified
2026-03-10T23:51:39.689193Z
Severity
  • 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

can: peakpci: peakpci_remove(): fix UAF

When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will cause UAF.

Fix this by releasing 'dev' later.

The following log reveals it:

[ 35.961814 ] BUG: KASAN: use-after-free in peakpciremove+0x16f/0x270 [peakpci] [ 35.963414 ] Read of size 8 at addr ffff888136998ee8 by task modprobe/5537 [ 35.965513 ] Call Trace: [ 35.965718 ] dumpstacklvl+0xa8/0xd1 [ 35.966028 ] printaddressdescription+0x87/0x3b0 [ 35.966420 ] kasanreport+0x172/0x1c0 [ 35.966725 ] ? peakpciremove+0x16f/0x270 [peakpci] [ 35.967137 ] ? traceirqenablercuidle+0x10/0x170 [ 35.967529 ] ? peakpciremove+0x16f/0x270 [peak_pci] [ 35.967945 ] __asanreportload8noabort+0x14/0x20 [ 35.968346 ] peakpciremove+0x16f/0x270 [peakpci] [ 35.968752 ] pcideviceremove+0xa9/0x250

References

Affected packages

Git /

Affected ranges

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-47456.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "3.4"
            },
            {
                "fixed": "4.4.290"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "4.5"
            },
            {
                "fixed": "4.9.288"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "4.10"
            },
            {
                "fixed": "4.14.253"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "4.15"
            },
            {
                "fixed": "4.19.214"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "4.20"
            },
            {
                "fixed": "5.4.156"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.5"
            },
            {
                "fixed": "5.10.76"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "5.11"
            },
            {
                "fixed": "5.14.15"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.15-rc1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.15-rc2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.15-rc3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.15-rc4"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.15-rc5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "5.15-rc6"
            }
        ]
    }
]